Generate a passticket for an acid not defined to the CA Top Secret Security file?

Document ID : KB000013439
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

Questions:
1. Can we issue a call to generate a pass ticket for an ACID that is not defined to the security file?
2. Is there a way to modify the ACID used in the pass ticket generation process when a request is made to generate a pass ticket?

Answer:

Questions:
1. Can we issue a call to generate a pass ticket for an ACID that is not defined to the security file?
Answer:
A passticket is used to signon an acid that his defined to security. So, the user must be defined to security.

2. Is there a way to modify the ACID used in the pass ticket generation process when a request is made to generate a pass ticket?
Answer.
The RACF Callable Service r_gensec is used to generate a passticket. From the zOS V2R1 RACF Callable Services Guide (SA23-2293-00) page 217, which document the r_gensec callable service and it looks like you can specify the acid you wish to use. Here is a section of the doc:

Generate PassTicket(1): This function will generate a PassTicket for a specified
userid and application name.
The function-specific parameters are:
* Address of a word containing the subfunction code (input).
* Address of a String block containing an 8-byte pre-allocated area to return the
PassTicket (output). The string block length must be 8 or larger to indicate an
acceptable buffer has been provided.
* Address of a String block containing 1-8 byte userid (input).
* Address of a String block containing a 1-8 byte application name (input).